Can default P2P settings break the law? US says yes

The Federal Trade Commission has decided that certain default software settings can violate the law against “unfair or deceptive acts or practices in or affecting commerce.” The agency recently went after the peer-to-peer filesharing program FrostWire for sharing too many user files by default, something that could easily lead to identity theft, copyright infringement, and the loss of “intimate photographs.” That's right: the federal government now goes to court to protect the privacy of your nude smartphone pics.

FrostWire settled the charges today and agreed to numerous changes to its default settings. It will also push a patch to change settings for current users.

FrostWire is file-sharing software created from a fork of the open-source LimeWire code. With LimeWire now shuttered by court order, FrostWire has proven popular, but the FTC argues that both its mobile and desktop versions deceive users and share far too much information. With FrostWire for Android smartphones, the default installation automatically shares pictures, video, documents, and music files on the device—including existing, user-generated photos from the built-in camera or user documents copied from a desktop computer running Frostwire Desktop.

Once shared, the mobile app made it difficult to un-share categories of files. The FTC complaint provides an example:

A consumer with 200 photos on her mobile device who installed the application with the intent of sharing only 10 of those photos first had to designate all 200 photos in the “Picture” category as shared, and then affirmatively unshare each of the 190 photos that she wished to keep private. She also needed to remember, when next running the application, to unshare the category or individually unshare any new photos she might have taken in the meantime in order to keep the new photos private. Nothing in the FrostWire for Android installation and setup process, or the application's user interface, adequately informed consumers that the application operated in this manner.

The agency charged that this approach could lead to the loss of voice recordings made on the phone or “intimate photographs” taken with the phone. It might also lead people to unintentionally share copyrighted material, or lose personal documents that could increase the risk of identity theft.

FrostWire's desktopAndroid integration

But was this level of default sharing actually illegal? The FTC argues that the process was so confusing and opaque to most users that they would "unwittingly" share information, and that there were no "countervailing benefits to consumers or competition" from this sharing.

It also claimed that the defaults ran "counter to standard software development guidance, and counter to established practices in the development of file-sharing applications.” As for the FrostWire desktop program, the agency pointed to numerous confusing situations in which downloaded files were automatically shared over the network, even when saved to a folder that itself was not shared.

FrostWire manager Angel Leon has agreed to make changes to his programs. Defaults will be altered, sharing will be explained more clearly, and updates will be pushed out to existing users. With the Android app, for instance, Leon is required to update the code so that it "designates all previously shared files on those computers not to be shared by the application unless consumers using those computers affirmatively select them to be shared."

Update: Leon tells Ars that the issues have been been fixed in all recent versions of FrostWire. "We're software developers of a free app and we saw the complaints from the FTC as bugs that needed to be fixed," he said by e-mail. "In a few days we had already made both of our softwares (Desktop and Android) fully compliant with the FTC proposal." Current FrostWire downloads make more clear what's being shared, and the FrostWire team has also transitioned away from the spam-plagued Gnutella network to BitTorrent.